Default ACLs for FILE: ccaches on Windows

Jeffrey Altman jaltman at MIT.EDU
Mon Jul 24 15:04:39 EDT 2006

Henry B. Hotz wrote:
>> krb5_fcc_initialize() has the property that it deletes the existing  
>> file
>> with unlink() and then creates a new file for the empty ccache.  The
>> unwanted side effect is that any ACLs which have been set on the file
>> are lost.
> Are POSIX semantics insufficient?  Not all platforms support ACL's.

I'm not suggesting that other platforms support ACLs.  I'm suggesting
that on Windows that file ccaches should not be created with the default
ACLs which tend to be much too permissive.

Jeffrey Altman

More information about the krbdev mailing list